Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

suddenly unable to logon to laptop when remote: "Domain is unavailable".

Posted on 2006-11-27
8
Medium Priority
?
420 Views
Last Modified: 2010-04-18
I am hoping that someone out there has seen this issue before and can help me understand what happened.  I have a user with a laptop who often works remotely.  She has a non-roaming profile, so when remote, she logs into her computer using her domain credentials and uses the local profile, all as we would expect.  This has been working for about a year.

Suddenly today, she was trying to start a program using "run as" for admin rights (as she has done successfully for many months).  The system refused the password ("...username or password are incorrect").  I had her log off and try logging on as that user, but it would not do so because "the domain controller cannot be reached".  "OK", i think, "maybe I never logged into her computer as that admin user".  So I have her try using my admin credentials that I know I have used on her machine before, and it logs in ok.  I have her log back in as herself and try to "run as" the account that we just succeeded as logging in as, but it tells her "bad username or password".  

Frustrated, I think I will have her log back in under my credentials and make her account a local admin.  However, once we log out, we are no longer able to log in as this same admin user; we get "the domain controller cannot be reached.".  In fact, we can no longer log in even as her original user!  We appear to be completely unable to log into the machine because it cannot find a DC!!  

I have never had this problem before and am rather stumped as to what could have caused it?  Does anyone out there have any idea
   A) why might this happen?
   B) how can I get around the problem?
   C) how can I prevent it happening again?

I am working on solving number B right now.  Currently, I have the user looking for a network cable she can borrow.  I am thinking maybe I can have her put a check in "log in using dial-up networking" and connect to the VPN as she logs in. thus allowing her computer to talk to the domain controller.  Any thoughts on if this would work?

The user is remote for a series of meetings and not having access to her computer is causing a LOT of stress right now, so any thoughts on solving this are greatly appreciated!

Thank you!
0
Comment
Question by:boydicus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 18021924
It's all about the profile.

Runas will work as expected while connected to the domain.
Runas will work as expected, provided the credentials used have a profile on the machine (have logged on at least once on the domain).
Runas will not work when trying to use credentials that don't satisfy one of the above.

Now, changing the user's rights basically broke the "cached" security token and therefore broke the cached logon - which requires reaching out to the DC to rebuild the token and recache it.

The fix....connect it to the domain and log in once.

0
 
LVL 51

Accepted Solution

by:
Netman66 earned 1500 total points
ID: 18021955
As long as the VPN Connectoid is in the Dial Up entries, then using dial up should work.

To fix her temporarily if everything else fails, have her logon with your credentials (which should still be cached) and create a local user account that is part of the admin group.

She can then get her stuff via Documents and Settings\Profile of user\My Documents and/or Desktop.

0
 

Author Comment

by:boydicus
ID: 18022210
Netman66, thanks for your reply.  Please note that I never got a chance to change the user's profile.  In fact, it appears that "the problem" occurred while she was logged in.  I logged her out, then logged in as myself once, then logged in as herself once, and after that have been unable to log in as anyone.  The original account she was trying to use for "run as" was a local admin account, for what it is worth.

Any further thoughts would be greatly appreciated.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
LVL 51

Expert Comment

by:Netman66
ID: 18023178
Didn't I read that when you logged in you added her to the Admin group?

Runas the local Admin account shouldn't have thrown any errors though...

So, the local Admin account doesn't work either?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18023263
You may also want to check to see if her actual account in AD has expired as well.

0
 

Author Comment

by:boydicus
ID: 18025248
no, when I logged in as me initially it was just to see if it was possible.  I didnt think of adding her to admin group until my credentials failed on "run as".  Then I tried to log in as me again but was denied.  At that point I was unable to log back in as anyone.  

I used Remote Desktop to connect to a machine on her local network and was able to log in as her, so her account is good.  
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18032287
Well, unless you can get her logged in with a local account, it may be necessary to have her log back in while connected to the LAN.

It sounds like all the cached credentials are messed up.

0
 

Author Comment

by:boydicus
ID: 18040639
agreed.  To make it even more bizarre, she sent me a message that she just kept trying and trying the different accounts out of desperation, and suddenly "it started working".  I believe that she was able to log in using the connection to the VPN and this refreshed the credentials.  She can't confirm that this happened since by the end she was pretty much just flailing around.  I just wish I knew why this happened and how to guard against it in the future.  Thanks for the help.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question